Cybersecurity Careers: Computer Forensics Investigator

Blue gloved hands handle a hard drive with exposed internals.

Computer and information technology (IT) occupations are projected to grow 13 percent by 2026, according to the Bureau of Labor Statistics (BLS). This demand is faster than the average for all occupations and is rooted in greater emphasis on cloud computing, the collection and storage of big data and information security.

Cybersecurity careers such as a computer forensics investigator continue to be in the spotlight, given the number of publicized data breaches that impact businesses and millions of customers. The following sections explore computer forensics and cybersecurity careers.

What Is Computer Forensics?

Computer forensics is the investigation of a computer system that is believed to be involved in a cybercrime. Computer forensics often involves tools to investigate the suspected computer, including programs for copying an entire hard drive to another system for inspection or a utility for comparing file extensions to see if they’ve been camouflaged with phony extensions.

These types of utilities are what a computer forensics investigator would use to conduct an examination of a computer system suspected to be involved in a cybercrime. When cybersecurity professionals conduct a forensic investigation, they follow specific steps outlined by the National Institute of Standards and Technology’s “Guide to Integrating Forensic Techniques into Incident Response.”

  1. Collection: This step involves identifying potential sources of data and acquiring data from them. The plan for acquiring data should prioritize the sources and establish the order in which the data should be acquired. Forensic tools are used to collect volatile data (data that is lost when the computer loses power or is turned off), duplicating non-volatile data sources to collect their data and securing original non-volatile data sources. Once the data is acquired, its integrity should be verified.
  2. Examination: Examining the data involves assessing and extracting the relevant piece of information from the collected data. It can also involve bypassing or mitigating operating system or application features that obscure data and code, including data compression, encryption and access control mechanisms.
  3. Analysis: This step involves studying and analyzing the data to draw conclusions from it. This process includes connecting people, places, items and events to determine what relationships there are. Tools like centralized logging and security event management software can automatically gather and correlate the data.
  4. Reporting: The final step involves preparing and presenting the information resulting from the analysis phase. Reporting can vary based on alternative explanations (information may be complete and it may not be possible to arrive at a definitive explanation), audience consideration (e.g., law enforcement vs. a system administrator) and actionable information (information gained that allows an analyst to collect new sources of information). Another part of the reporting process includes identifying any problems that may need to be remedied, such as policy shortcomings or procedural errors.

Computer forensics is related to other cybersecurity careers. The BLS’s closest career title is grouped under the “information security analyst” role, which can include investigations of systems suspected to be involved in cybercrimes. Here are some of the typical duties that information security analysts have.

  • Monitor computer networks for security breaches and investigate them when violations occur.
  • Install firewalls, data encryption programs and other types of security software to protect data.
  • Prepare reports that document security breaches and the resulting damage.
  • Conduct penetration testing that simulates attacks to locate any system vulnerabilities.
  • Keep up-to-date with the latest information technology security trends.
  • Develop security standards and best practices for the organization.
  • Recommend security enhancements to management or senior IT staff.
  • Help computer users when they need to install or learn about new security products and procedures.

Why Is Computer Forensics Important?

Computer forensics can impact an organization’s network integrity, legal risks and liability, and financial savings, according to the United States Computer Emergency Readiness Team (US-CERT).

Sound computer forensics can help organizations ensure the overall integrity and survivability of network infrastructure. This should be central to network and computer security at any organization.

Legal risks and liability concerns also apply, according to US-CERT. “What happens if you ignore computer forensics or practice it badly? You risk destroying vital evidence or having forensic evidence ruled inadmissible in a court of law. Also, you or your organization may run afoul of new laws that mandate regulatory compliance and assign liability if certain types of data are not adequately protected.”

A final reason is that computer forensics can help save companies money. Organizations recognize how protecting data — as well as their customers’ information and trust — is directly tied to how companies can remain profitable. If data is stolen or corrupted, and/or if customers are impacted, it can have direct consequences to organizations. That is why organizations are expected to spend $101.6 billion on cybersecurity software, services and hardware in 2020, a 38 percent increase from 2016.

All of this plays into the need for more computer forensics and cybersecurity professionals. “Demand for information security analysts is expected to be very high (increase of 28 percent by 2026),” according to the BLS. “Cyberattacks have grown in frequency, and analysts will be needed to come up with innovative solutions to prevent hackers from stealing critical information or creating problems for computer networks.”

Computer Forensics Salary

The BLS does not track salary data for computer forensics specialists.

Information security analysts earn a median annual wage of $92,600. In the top industries, they earn the following median salaries.

  • Finance and insurance: $94,050
  • Computer systems design and related services: $93,490
  • Information: $92,940
  • Administrative and support services: $92,890
  • Management of companies and enterprises: $87,510

Overall, the median annual wage for computer and information technology occupations is $82,860.

Other Cybersecurity Careers

Cybersecurity professionals can have various roles and titles, including:

  • Chief Information Security Officer
  • IT Security Consultant
  • IT Security Engineer
  • Penetration Tester
  • Security Architect
  • Security Systems Administrator

Pursuing a Career in Cybersecurity

Aurora University’s online Bachelor of Science in Computer Science and online Bachelor of Science in Cybersecurity degree programs equip students with the knowledge and skills needed to pursue a future in cybersecurity or for roles such as computer programmer, web developer and computer systems analyst. These programs take place in a fully online environment, allowing students to manage their work and personal schedules.